Title: [275387] trunk/Source/WebKit
- Revision
- 275387
- Author
- [email protected]
- Date
- 2021-04-01 15:19:59 -0700 (Thu, 01 Apr 2021)
Log Message
Add IOKit method filter telemetry
https://bugs.webkit.org/show_bug.cgi?id=223652
<rdar://problem/75751391>
Reviewed by Brent Fulgham.
Add IOKit method filter telemetry in the WebContent sandbox on macOS and iOS.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (275386 => 275387)
--- trunk/Source/WebKit/ChangeLog 2021-04-01 22:19:41 UTC (rev 275386)
+++ trunk/Source/WebKit/ChangeLog 2021-04-01 22:19:59 UTC (rev 275387)
@@ -1,3 +1,16 @@
+2021-04-01 Per Arne <[email protected]>
+
+ Add IOKit method filter telemetry
+ https://bugs.webkit.org/show_bug.cgi?id=223652
+ <rdar://problem/75751391>
+
+ Reviewed by Brent Fulgham.
+
+ Add IOKit method filter telemetry in the WebContent sandbox on macOS and iOS.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2021-04-01 Dean Jackson <[email protected]>
Add #import for when unified sources doesn't import it first.
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (275386 => 275387)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2021-04-01 22:19:41 UTC (rev 275386)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2021-04-01 22:19:59 UTC (rev 275387)
@@ -96,7 +96,7 @@
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap)
- (allow
+ (allow (with telemetry) (with message "IOMobileFramebufferUserClient")
iokit-external-method)
)
)
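Review bot: Every `iokit-external-method` call on this user client will be reported, because the new `(allow (with telemetry) (with message "IOMobileFramebufferUserClient") ...)` rule has no `iokit-method-number` exemption beside it. The IOGPU filter added at -238 and the "IOSurfaceRootUserClient no extension" filter at -1026 are in the same state. If that is deliberate because no baseline selectors are known yet, say so next to the rule, for example `;; No selector list yet: all calls are reported until a baseline is collected.` Otherwise the report volume from these three clients may bury the unexpected selectors that the other filters are meant to surface. The enclosing `apply-message-filter` starts outside the hunk.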
@@ -238,6 +238,18 @@
(extension "com.apple.webkit.extension.iokit")
(iokit-connection "IOGPU")
)
+ (when (defined? 'iokit-external-method)
+ (apply-message-filter
+ (deny (with telemetry)
+ iokit-external-trap)
+ (allow (with telemetry) (with message "IOGPU")
+ iokit-async-external-method
+ iokit-external-method)
+ )
+ )
+ )
+
+ (allow iokit-open
(require-all
(extension "com.apple.webkit.extension.iokit")
(iokit-user-client-class "AGXDeviceUserClient") ;; Used by WebGL
@@ -246,9 +258,41 @@
(apply-message-filter
(deny (with telemetry)
iokit-external-trap)
- (allow
+ (allow (with telemetry) (with message "AGXDeviceUserClient")
iokit-async-external-method
- iokit-external-method)
+ iokit-external-method
+ )
+ (allow iokit-async-external-method
+ (iokit-method-number
+ 43
+ )
+ )
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 2
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 16
+ 25
+ 26
+ 27
+ 36
+ 38
+ 44
+ )
+ )
+
)
)
)
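Review bot: The selector numbers under `iokit-method-number` (43 for the async call, 21 entries for the synchronous one) carry no comment on where they came from, which makes the list hard to audit if a driver update adds or renumbers selectors. The same holds for every list this commit adds in both profiles. A short header comment would do, such as `;; Selectors observed during normal WebGL use; anything else is reported by the telemetry rule above.` The silent rules also rely on taking precedence over the earlier catch-all `allow (with telemetry)`; that is presumably how the filter is evaluated, but it is worth stating in the same comment. As a style point, the lone `)` after `iokit-external-method` and the added blank line before the closing parens differ from the layout of the other iOS filters in this diff.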
@@ -416,8 +460,13 @@
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap)
- (allow
+ (allow (with telemetry) (with message "IOSurfaceAcceleratorClient")
iokit-external-method)
+ (allow iokit-external-method
+ (iokit-method-number
+ 1
+ )
+ )
)
)
)
@@ -432,8 +481,31 @@
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap)
- (allow
+ (allow (with telemetry) (with message "IOSurfaceRootUserClient")
iokit-external-method)
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 1
+ 2
+ 3
+ 5
+ 9
+ 10
+ 11
+ 13
+ 14
+ 15
+ 20
+ 21
+ 23
+ 27
+ 31
+ 32
+ 34
+ 35
+ )
+ )
)
)
)
@@ -1026,7 +1098,7 @@
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap)
- (allow
+ (allow (with telemetry) (with message "IOSurfaceRootUserClient no extension")
iokit-external-method)
)
)
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (275386 => 275387)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-04-01 22:19:41 UTC (rev 275386)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-04-01 22:19:59 UTC (rev 275387)
@@ -144,10 +144,40 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "IOAccelerator")
iokit-async-external-method
iokit-external-method
)
+ (allow iokit-async-external-method
+ (iokit-method-number
+ 47
+ )
+ )
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 2
+ 5
+ 6
+ 7
+ 8
+ 9
+ 10
+ 11
+ 12
+ 13
+ 15
+ 16
+ 17
+ 18
+ 29
+ 30
+ 31
+ 40
+ 42
+ 48
+ )
+ )
(deny (with telemetry)
iokit-external-trap
)
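Review bot: Nothing here marks the `(allow (with telemetry) (with message "IOAccelerator") ...)` rule as temporary, so the `iokit-method-number` lists read like an enforcement allowlist even though every other selector on this user client is still permitted. Someone auditing the WebContent sandbox should be able to tell that this filter leaves the reachable IOKit surface unchanged. I would add a comment above the rule, e.g. `;; Telemetry only: unlisted selectors are still allowed, just reported. Tighten to deny in <follow-up bug>.`, and repeat it in the other filters of this file. The enclosing `allow iokit-open` rule starts outside the hunk.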
@@ -192,10 +222,38 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "IOSurfaceRootUserClient")
iokit-async-external-method
iokit-external-method
)
+ (allow iokit-async-external-method
+ (iokit-method-number
+ 17
+ )
+ )
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 1
+ 2
+ 3
+ 9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 20
+ 23
+ 27
+ 31
+ 32
+ 34
+ 35
+ 44
+ )
+ )
(deny (with telemetry)
iokit-external-trap
)
@@ -224,9 +282,14 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "AppleIntelMEUserClient")
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 120
+ )
+ )
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap
@@ -251,9 +314,14 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "AppleSNBFBUserClient")
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 120
+ )
+ )
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap
@@ -301,10 +369,18 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "AppleGraphicsControlClient")
iokit-async-external-method
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 1
+ 3
+ 11
+ )
+ )
(deny (with telemetry)
iokit-external-trap
)
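Review bot: `iokit-async-external-method` stays in the telemetry `allow` for "AppleGraphicsControlClient", yet only `iokit-external-method` gets a selector list, so either async calls are never made here or each one will be reported. The "IOSurfaceRootUserClient no extension" filter at -1945 has the same shape. The IOAccelerator and IOSurfaceRootUserClient filters do list async selectors (47 and 17), so it is unclear whether the omission here is deliberate. If no async use is expected, the operation could move to the deny rule as the AppleIntelMEUserClient filter has it, `(deny (with telemetry) iokit-async-external-method iokit-external-trap)`. That changes behaviour, so it may be better left until the reports confirm it.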
@@ -350,9 +426,16 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "AppleMGPUPowerControlClient")
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 1
+ 3
+ )
+ )
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap
@@ -932,9 +1015,18 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "AppleUpstreamUserClient")
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 1
+ 3
+ 4
+ 5
+ )
+ )
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap
@@ -958,9 +1050,14 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "RootDomainUserClient")
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 3
+ )
+ )
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap
@@ -985,9 +1082,18 @@
)
(with telemetry-backtrace)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "AudioAUUC")
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 1
+ 3
+ 4
+ 5
+ )
+ )
(deny (with telemetry)
iokit-async-external-method
iokit-external-trap
@@ -1945,10 +2051,17 @@
)
)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "IOSurfaceRootUserClient no extension")
iokit-async-external-method
iokit-external-method
)
+ (allow iokit-external-method
+ (iokit-method-number
+ 13
+ 32
+ 44
+ )
+ )
(deny (with telemetry)
iokit-external-trap
)
@@ -1990,10 +2103,32 @@
)
)
(apply-message-filter
- (allow
+ (allow (with telemetry) (with message "IOAccelerator no extension")
iokit-async-external-method
iokit-external-method
)
+ (allow iokit-async-external-method
+ (iokit-method-number
+ 0
+ )
+ )
+ (allow iokit-external-method
+ (iokit-method-number
+ 0
+ 1
+ 2
+ 4
+ 5
+ 7
+ 8
+ 9
+ 10
+ 11
+ 12
+ 22
+ 256
+ )
+ )
(deny (with telemetry)
iokit-external-trap
)
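Review bot: Selector 256 in the `iokit-external-method` list stands out from the small numbers used everywhere else and has no comment, so a reviewer cannot tell whether it is a real selector or a typo. This filter is labelled "IOAccelerator no extension", which presumably means it applies without the IOKit sandbox extension and is the most widely reachable of the IOAccelerator rules, so its list deserves the most explanation. A one-line comment next to the entry, such as `;; 256: <what issues this selector>`, would settle it. The filter's closing lines are outside the hunk.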